I'm a technology, privacy, and information security reporter and most recently the author of the book This Machine Kills Secrets, a chronicle of the history and future of information leaks, from the Pentagon Papers to WikiLeaks and beyond.
I've covered the hacker beat for Forbes since 2007, with frequent detours into digital miscellania like switches, servers, supercomputers, search, e-books, online censorship, robots, and China. My favorite stories are the ones where non-fiction resembles science fiction. My favorite sources usually have the word "research" in their titles.
Since I joined Forbes, this job has taken me from an autonomous car race in the California desert all the way to Beijing, where I wrote the first English-language cover story on the Chinese search billionaire Robin Li for Forbes Asia. Black hats, white hats, cyborgs, cyberspies, idiot savants and even CEOs are welcome to email me at agreenberg (at) forbes.com. My PGP public key can be found here.

Silk Road 2.0 'Hack' Blamed On Bitcoin Bug, All Funds Stolen

The same bug that has plagued several of the biggest players in the Bitcoin economy may have just bitten the Silk Road.

On Thursday, one of the recently-reincarnated drug-selling black market site’s administrators posted a long announcement to the Silk Road 2.0 forums admitting that the site had been hacked by one of its sellers, and its reserve of Bitcoins belonging to both the users and the site itself stolen. The admin, who goes by the name “Defcon,” blamed the same “transaction malleability” bug in the Bitcoin protocol that led to several of the cryptocurrency’s exchanges halting withdrawals in the previous week.

“I am sweating as I write this… I must utter words all too familiar to this scarred community: We have been hacked,” Defcon wrote. “Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as ‘transaction malleability’ to repeatedly withdraw coins from our system until it was completely empty.”

A message on the Silk Road homepage linking to Defcon’s “hacking” announcement.

The post didn’t say how many bitcoins were stolen, although it listed a series of Bitcoin addresses that the Silk Road administrators believe were involved in the heist. Those transactions seem to point to a single Bitcoin address that contains 58,800 coins, worth more than $36.1 million at current exchange rates. But tracing Bitcoin’s pseudonymous transactions is always tricky: other estimates range from 41,200, by a Silk Road user, to 88,000, by a Bitcoin news site.

Update: Nicholas Weaver, a researcher at the International Computer Science Institute, estimates the total theft of Silk Road’s bitcoins at a much lower number: just 4,400 or so coins, worth around $2.6 million.

Based on the Silk Road’s data about the attack, the site’s staff point to three possible attackers, two in Australia and one in France. “Stop at nothing to bring this person to your own definition of justice,” Defcon writes.

Silk Road’s users, predictably, didn’t take the announcement at face value, and many instead suspect that the site’s staff have used the “transaction malleability” bug as a scapegoat to cover their own incompetence (the site has been plagued with more pedestrian bugs since launching in November) or even that they’ve run off with the users’ bitcoins themselves. “Transaction malleability,” after all, has been a known issue with Bitcoin for two years, and is described by most Bitcoin security experts as more of a major nuisance than a real threat that would allow funds to be stolen.

“Something’s not correct: The bug…can’t be made responsible if bitcoins are missing now!” writes a user named pathfinder.

“Oh, this is rich. How many users called for the shutdown of SR2 to fix the problems? They were ignored,” writes a user named aqualung on the site’s forums. “Admins did this. Not some vendor.”

Defcon denied those accusations, but took full responsibility for allowing the theft. “I didn’t run with the gold,” he writes. “I have failed you as a leader, and am completely devastated by today’s discoveries…It is a crushing blow. I cannot find the words to express how deeply I want this movement to be safe from the very threats I just watched materialize during my watch.”

The hack is just the latest in a series of mishaps, crackdowns and scams that have roiled the “dark web” drug market since the FBI shut down the original Silk Road anonymous drug site in October. Among the more than half dozen sites that have sprouted to pick up Silk Road’s lucrative stream of Bitcoin-based drug transactions, at least three have run off with the users’ funds and two have shut down after being hacked. Several drug site administrators have also been arrested, including three former Silk Road staffers and five men in the Netherlands and Germany who launched their Silk Road copycat, Utopia, earlier this month.

Amidst that chaos, the relaunched Silk Road has been perhaps the most stable and popular marketplace for drugs and other contraband, with over 13,000 product listings at last count. And its hacking and sudden bankruptcy shake the anonymous ecommerce community more than any of those other dark web eruptions.

While some Silk Road users wrote on the site’s forums that they planned to take their business to other marketplaces like Pandora and Agora, others declared the Silk Road model altogether dead. All the sites currently hold users’ bitcoins in “escrow” until a transaction is complete to prevent fraud, a model that has repeatedly allowed the pooled funds to be stolen or seized.

Defcon ended his message to the site’s users by announcing that the Silk Road will no longer use an escrow, and will instead have buyers and sellers send money directly to each other, a model that will no doubt lead to many more scams on the site. But he said that the site will move to so-called “multi-signature” transactions, a largely experimental use of Bitcoin that would require multiple parties to “sign off” on a transaction before it’s made. That means a third party could serve as a trusted escrow with no way to steal a user’s funds on its own. He promised a “generous bounty” to anyone who could help Silk Road to implement the change.

“Silk Road will never again be a centralized escrow storage,” Defcon writes. “Hindsight is already suggesting dozens of ways this could have been prevented, but we must march onward.”


Comments

Anyone stupid enough to leave bitcoins on a hosted server dedicated to selling illegal drugs *deserves* to have them stolen, and I am highly skeptical that blaming this ‘bug’ for the theft has anything to do with it.

It’s widely believed in cryptocurrency circles that this “hack” of Silk Road 2.0 is more likely an inside job. For transaction malleability to be able to “empty” all the Bitcoin funds it had, there would have to have been a TON of incompetence in their coding.

I don’t really feel sorry for anyone who lost money on that site as I have no idea why you would want to store your Bitcoins on the SR2 website. Seems like you were just planning on donating them to the FBI anyways. (Where all the SR1 Bitcoins are now)

Any smart person who stores their Bitcoins encrypted in their personal computer with a backup is just as safe as always.

Two things… First of all how is 4.4K coins at $620 each over $4M? It’s closer to $2.7M

Secondly, have you really taken the time to understand the “bug” related to transaction malleability? I think you’re taking what SR 2.0 says is the reason for the loss and regurgitating it without doing any research. It’s much more likely that SR 2.0 is taking $2.7M and running with it. Why not blame the loss on the Bitcoin network just like Mt Gox while it’s still hot news.

Thanks for pointing out the $4.6/2.6 typo, an editing error we’ve fixed. As for the question of whether transaction malleability can be used for this “hack,” I expressed doubt about it throughout the story, if you actually read it (starting with putting the word “hack” in quotes in the headline). I’m not going to jump to the conclusion that the funds were stolen by insiders yet either, without evidence. Feel free to do so yourself.

To commenters pointing out that transaction malleability seems like a dubious explanation for the theft of the Silk Road’s bitcoins, I agree. Hence the quotes around the “hack” in the headline and all the other notes in the story that express doubt about Defcon’s version of events. I included theories that the site’s staff ran off with the funds several times in the story. But until we have more information, I can’t jump to the conclusion that the theft of the bitcoins was an “inside job” either.

You can however plainly state that it has absolutely nothing to do with any vulnerabilities or weaknesses in the Bitcoin protocol, which you failed to do. That leaves very few other possible options. You’ve got a criminal making a claim here, and you post it up as if it were the truth. On what planet does someone operating a criminal operation get benefit of the doubt over some basic research? The immense amount of nonsense flying around against Bitcoin right now is becoming tiresome.

I’m skeptical of why any admin would run a hot wallet especially on a site like Silk Road. I seriously doubt they would leave 2000+ Bitcoins on a server wallet; that makes absolutely no sense. Nobody does that. I own https://BitPlastic.com and https://BitLaunder.com and all client funds are stored offline in cold paper wallets. If someone hacks the server (and they often do), they cannot steal any money from my users. Any intelligent admin would implement such a basic safety feature. My conclusion: Silk Road 2.0 got robbed by the admins.

This article is complete and utter bull****. The malleability bug in Bitcoin has absolutely nothing to do with being able to “steal” anything. That’s why countless articles have already corrected MtGox’s assertion that it’s to blame for their woes. Bitcoin was never compromised, and nothing about this irrelevant quirk in the system puts anyone’s balances at risk. Author: Do some minor fact checking before you write completely false articles.

Transaction malleability means that a particular transaction that has a code associated with it has instead another code. This is possible because the equations that create that code have in fact two possible solutions. You remember how second-degree equations have different solutions, right? Like y=x^2-1: for y=0 it gives both +1 and -1. Well, something similar.

From https://en.bitcoin.it/wiki/Transaction_Malleability if signature (r,s) is a solution then also the signature (r, -s (mod N)) is a solution.

So halfway through, people change the code and substitute one solution for the other. Now, with one code or the other, the transaction still happens. So I don’t know if they lost their money, it was stolen, or they are running away. What I know is that it is not possible for that bug to have that effect.
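The two-solutions point in the comment above, carried through in working code. This is an added example written for this page, not code from the commenter, from Forbes, or from any Bitcoin project: a textbook ECDSA over secp256k1 in pure Python (the curve constants are the public standard ones; the private key, the nonce derivation and the transaction body are constructed stand-ins). It shows that (r, s) and (r, N-s) both verify for the same key and message, that a transaction id computed over the signed bytes differs between the two, and that the defender's fix is to accept only the canonical low-s form before recording a txid.

```python
"""Added example: ECDSA signature malleability on secp256k1 (not code from the page)."""
import hashlib

# secp256k1 domain parameters (public standard constants)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_mul(k, point):
    """Double-and-add scalar multiplication."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def sign(priv, z):
    """Textbook ECDSA. The nonce k is derived from key and message hash as a
    simplified stand-in for RFC 6979 (assumption: not Bitcoin's exact scheme)."""
    seed = priv.to_bytes(32, "big") + z.to_bytes(32, "big")
    k = int.from_bytes(hashlib.sha256(seed).digest(), "big") % N
    r = point_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    return (r, s)


def verify(pub, z, sig):
    """Standard ECDSA verification: recompute R and compare its x coordinate."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    x = point_add(point_mul(z * w % N, G), point_mul(r * w % N, pub))
    return x is not None and x[0] % N == r


def malleate(sig):
    """The (r, -s mod N) twin from the wiki link above; it verifies identically."""
    r, s = sig
    return (r, (N - s) % N)


def is_low_s(sig):
    """Canonical ('low-S') form: exactly one of a signature and its twin passes."""
    return sig[1] <= N // 2


def normalize(sig):
    """Defender's step: store and index only the canonical form."""
    return sig if is_low_s(sig) else malleate(sig)


def txid(tx_body, sig):
    """Bitcoin-style id: double SHA-256 over the serialized transaction, which in
    pre-SegWit transactions includes the signature bytes."""
    r, s = sig
    raw = tx_body + r.to_bytes(32, "big") + s.to_bytes(32, "big")
    return hashlib.sha256(hashlib.sha256(raw).digest()).hexdigest()


def demo():
    priv = 0x1111111111111111111111111111111111111111111111111111111111111111  # constructed key
    pub = point_mul(priv, G)
    tx_body = b"constructed-tx:inputs=outpoint0;outputs=1BTC->B"  # constructed stand-in
    z = int.from_bytes(hashlib.sha256(tx_body).digest(), "big")
    sig = sign(priv, z)
    twin = malleate(sig)
    return {
        "original_verifies": verify(pub, z, sig),
        "twin_verifies": verify(pub, z, twin),
        "ids_differ": txid(tx_body, sig) != txid(tx_body, twin),
        "exactly_one_canonical": is_low_s(sig) != is_low_s(twin),
        "canonical_id_stable": txid(tx_body, normalize(sig)) == txid(tx_body, normalize(twin)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The verification step makes the symmetry visible: with s replaced by N-s, w becomes -w, both scalars flip sign, and the recomputed point is the negation of the original, which has the same x coordinate. Nothing about the key or the spend changes, only the bytes the id is hashed over, which is why indexing payments by a non-canonical txid is the weak point and why normalizing to low-s before recording is the check a wallet backend should make.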

The bug is not “recently discovered” unless you think that the 2011 publication of discussions about it is “recent”. This is known and anyone who is implementing bitcoin should know about it. Mt Gox admitted that they were, in the CEO’s words, “too busy to notice” some changes that would have mitigated against this – Feb 2013. Their custom implementation was vulnerable for several reasons.

The bug does not let someone just withdraw. I believe that the site op just stole the coins and claimed that the attack allowed someone to steal them as cover. The reason is quite simple if you understand how and what this bug is/does.

Bitcoins are sent A->B. A generates a serial number as part of the send request to identify that transaction uniquely. The attacker now changes that serial number but cannot change anything else. B receives the bitcoins from A with the new serial number.

B then calls up A and says “where’s my money” and A looks at the serial number (incorrect process) and does not find it, so A resends B the bitcoins. It requires that A make a 2nd transaction duplicating the first and this is not possible without horrible software or ignorant tech support that will trust B more than they should.

There are ways to find the transaction, and they have been discussed in great technical detail, that would totally mitigate against this bug. Mt Gox did not listen, did not care, “was too busy” as the CEO put it, and now wants to blame someone else for their internal processes and software. The bug itself is 100% avoidable, which is why it has been such a low priority. You just have to not be so stubborn like Mt Gox is and actually deal with it instead of having poor processes internally.
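The A->B resend scenario described in the comment above, as an added example (not the commenter's code, and not the code of Mt Gox or Silk Road): a toy hot wallet and ledger in Python in which a third party alters a transaction's witness bytes before it confirms. Reconciling by the txid the wallet recorded never finds the payment, so the support desk pays a second time; reconciling by the outpoint the wallet spent together with the intended outputs finds the payment regardless of its id. All names (HotWallet, Ledger, support_desk), the coin values and the witness-mangling stand-in for the (r, N-s) swap are constructed.

```python
"""Added example: reconciling withdrawals by txid versus by spent outpoint (constructed toy)."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    inputs: tuple   # outpoints this tx spends: ((prev_txid, index), ...)
    outputs: tuple  # ((address, amount), ...)
    witness: bytes  # signature bytes; the only part a third party can alter

    def txid(self):
        # Pre-SegWit style: the id commits to the witness, so altering it changes the id
        body = repr((self.inputs, self.outputs)).encode() + self.witness
        return hashlib.sha256(hashlib.sha256(body).digest()).hexdigest()


def malleate(tx):
    """Constructed stand-in for the (r, N-s) swap: witness changes, spend does not."""
    return Tx(tx.inputs, tx.outputs, tx.witness + b"\x00")


class Ledger:
    """Toy chain: confirmed transactions indexed by txid and by the outpoints they spend."""

    def __init__(self):
        self.by_txid = {}
        self.by_outpoint = {}

    def confirm(self, tx):
        self.by_txid[tx.txid()] = tx
        for outpoint in tx.inputs:
            self.by_outpoint[outpoint] = tx


class HotWallet:
    def __init__(self, utxos):
        self.utxos = list(utxos)  # (outpoint, value); constructed exact-value coins
        self.sent = []            # every transaction this wallet ever broadcast

    def pay(self, address, amount):
        outpoint, _value = self.utxos.pop(0)
        witness = b"sig:" + hashlib.sha256(outpoint[0].encode()).digest()[:8]
        tx = Tx((outpoint,), ((address, amount),), witness)
        self.sent.append(tx)
        return tx

    def settled_naive(self, ledger, tx):
        """Recognizes the payment only under the txid recorded at send time."""
        return tx.txid() in ledger.by_txid

    def settled_robust(self, ledger, tx):
        """Looks for the coin it spent: any confirmed tx spending that outpoint to the
        same outputs is this payment, whatever id the network ended up with."""
        for outpoint in tx.inputs:
            seen = ledger.by_outpoint.get(outpoint)
            if seen is not None and seen.outputs == tx.outputs:
                return True
        return False


def support_desk(wallet, ledger, tx, check):
    """Customer says 'where's my money'; resends only if the check reports unpaid."""
    if check(ledger, tx):
        return None
    address, amount = tx.outputs[0]
    return wallet.pay(address, amount)


def run_scenario(robust):
    """Returns the total amount the wallet paid out to B after one support call."""
    wallet = HotWallet([(("coinA", 0), 1), (("coinB", 0), 1)])
    ledger = Ledger()
    tx = wallet.pay("B", 1)
    ledger.confirm(malleate(tx))  # the network confirms the altered twin, not our id
    check = wallet.settled_robust if robust else wallet.settled_naive
    support_desk(wallet, ledger, tx, check)
    return sum(amount for t in wallet.sent for _addr, amount in t.outputs)


if __name__ == "__main__":
    print("naive reconciliation paid:", run_scenario(robust=False))
    print("robust reconciliation paid:", run_scenario(robust=True))
```

The point the toy makes is the one the comment makes: the altered transaction still moves exactly the coin the wallet chose to exactly the output it chose, so a backend that asks "was my outpoint spent to these outputs?" is not fooled, while one that asks "is my txid on chain?" plus a support process that trusts the customer's "it never arrived" is the only way the bug turns into a double payment. A hot wallet that also caps how much it can sign without a manual step limits the damage even when the reconciliation is wrong.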

This is simply the evolution of the age old practice of criminals stealing from other criminals. SR2 evades the law through being anonymous. By the same token, that anonymity keeps them from employing the law and getting the best resources available to protect themselves.

This is nothing new. If it was a legal business there would be some way to get the authorities involved. High risk high gain.

Defcon is pretty hard to trust. Simply a voice behind a wall with a lot to gain from dismantling the site and theft.

By the way, the ACA national exchanges are weak on security as well. Sign up for socialized medical plans at your own risk.